CVE-2021-22769

CWE-552Files Accessible to External PartiesCWE-269Improper Privilege Management3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 54.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Schneider-electric Easergy T300 Firmware
Timeline
PublishedJun 11
Latest updateMay 24

Description

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5easergy_t300_with_firmware_v2.7.1_and_olderEasergy T300 with firmware V2.7.1 and older

🔴Vulnerability Details

2
GHSA
GHSA-979h-w3gc-xrmq: A CWE-269: Improper Privilege Management vulnerability exists in EnerlinÕX ComÕX versions prior to V62022-05-24
CVEList
CVE-2021-22769: A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V22021-06-11
CVE-2021-22769 (MEDIUM CVSS 4.3) | A CWE-552: Files or Directories Acc | cvebase.io